|
From b36ecf8942ce8dea0c4a2b06b4607259deaf3613 Mon Sep 17 00:00:00 2001
|
||
|
From: Vojtech Polasek <vpolasek@redhat.com>
|
||
|
Date: Wed, 10 Aug 2022 09:59:57 +0200
|
||
|
Subject: [PATCH] switch rule grub2_disable_interactive_boot for
|
||
|
grub2_disable_recovery in rhel8 ospp
|
||
|
|
||
|
---
|
||
|
.../system/bootloader-grub2/grub2_disable_recovery/rule.yml | 1 +
|
||
|
products/rhel8/profiles/ospp.profile | 2 +-
|
||
|
tests/data/profile_stability/rhel8/ospp.profile | 2 +-
|
||
|
4 files changed, 3 insertions(+), 3 deletions(-)
|
||
|
|
||
|
diff --git a/linux_os/guide/system/bootloader-grub2/grub2_disable_recovery/rule.yml b/linux_os/guide/system/bootloader-grub2/grub2_disable_recovery/rule.yml
|
||
|
index 4f8d4ddcfde..fb126cbe7d8 100644
|
||
|
--- a/linux_os/guide/system/bootloader-grub2/grub2_disable_recovery/rule.yml
|
||
|
+++ b/linux_os/guide/system/bootloader-grub2/grub2_disable_recovery/rule.yml
|
||
|
@@ -17,6 +17,7 @@ rationale: |-
|
||
|
severity: medium
|
||
|
|
||
|
identifiers:
|
||
|
+ cce@rhel8: CCE-86006-4
|
||
|
cce@rhel9: CCE-85986-8
|
||
|
|
||
|
references:
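Review bot: The new `cce@rhel8: CCE-86006-4` identifier cannot be checked for uniqueness from this patch. The diffstat reports four changed files and three deletions, but only three file sections with two deletions are present. The missing one-line deletion is presumably where the identifier was removed from the project's pool of unassigned CCEs; please confirm that. Also confirm that no other rhel8 rule already carries CCE-86006-4, since a duplicated CCE makes scan findings ambiguous to map back to a single control.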
|
||
|
diff --git a/products/rhel8/profiles/ospp.profile b/products/rhel8/profiles/ospp.profile
|
||
|
index ebec8a3a6f9..6e3b30f64bb 100644
|
||
|
--- a/products/rhel8/profiles/ospp.profile
|
||
|
+++ b/products/rhel8/profiles/ospp.profile
|
||
|
@@ -304,7 +304,7 @@ selections:
|
||
|
## Disable Unauthenticated Login (such as Guest Accounts)
|
||
|
## FIA_UAU.1
|
||
|
- require_singleuser_auth
|
||
|
- - grub2_disable_interactive_boot
|
||
|
+ - grub2_disable_recovery
|
||
|
- grub2_uefi_password
|
||
|
- no_empty_passwords
|
||
|
|
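Review bot: Replacing `grub2_disable_interactive_boot` with `grub2_disable_recovery` under FIA_UAU.1 changes what the RHEL 8 OSPP profile evaluates and remediates, yet neither the commit message nor the profile says why. It also does not say whether the new rule covers everything the old one checked. The rule names suggest different scopes, though the rule bodies are not visible here; if the old rule checked more than the recovery-entry setting, that coverage is silently dropped for systems scanned against this profile. I would add a comment above the selection, e.g. `## grub2_disable_recovery replaces grub2_disable_interactive_boot: <reason / tracking reference>`, and state in the commit message whether profiles that extend ospp are meant to inherit the change. The same swap is mirrored in the profile_stability test data in the last hunk, and the selections list starts and ends outside this hunk.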
||
|
diff --git a/tests/data/profile_stability/rhel8/ospp.profile b/tests/data/profile_stability/rhel8/ospp.profile
|
||
|
index 21e93e310d5..267b66a4f89 100644
|
||
|
--- a/tests/data/profile_stability/rhel8/ospp.profile
|
||
|
+++ b/tests/data/profile_stability/rhel8/ospp.profile
|
||
|
@@ -89,7 +89,7 @@ selections:
|
||
|
- ensure_redhat_gpgkey_installed
|
||
|
- grub2_audit_argument
|
||
|
- grub2_audit_backlog_limit_argument
|
||
|
-- grub2_disable_interactive_boot
|
||
|
+- grub2_disable_recovery
|
||
|
- grub2_kernel_trust_cpu_rng
|
||
|
- grub2_page_poison_argument
|
||
|
- grub2_pti_argument
|